๐Ÿ”sudo policies

To begin this section, we will create a file in /etc/sudoers.d/. This file will store our sudo policy.

  1. The command we will use is:

touch /etc/sudoers.d/sudo_config

  2. Then, as the subject requires, we must create a directory in /var/log/, because every command run with sudo has to be logged, both its input and its output. We will use:

mkdir /var/log/sudo

  3. We must edit the file that we created in the first step of this section. Any text editor will do; this guide uses nano, as in every screenshot. Use:

nano /etc/sudoers.d/sudo_config

  4. Once we are editing the file, we must set it up with the following settings:

Defaults  passwd_tries=3
Defaults  badpass_message="Mensaje de error personalizado"
Defaults  logfile="/var/log/sudo/sudo_config"
Defaults  log_input, log_output
Defaults  iolog_dir="/var/log/sudo"
Defaults  requiretty
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

That is how the file should look. What each setting does:

passwd_tries=3: Number of attempts allowed for entering the sudo password.

badpass_message="message": The message shown when a wrong password is entered.

logfile="/var/log/sudo/sudo_config": Path of the file where the sudo logs will be stored.

log_input, log_output: What will be logged: the input and the output of each command run with sudo.

iolog_dir="/var/log/sudo": Directory where the logged input and output will be stored.

requiretty: Makes a TTY required to run sudo.

secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin": Directories that sudo is restricted to when looking up commands; anything outside them is excluded.
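
One way to check that the finished file carries every setting described above and that the I/O log directory from the mkdir step exists. This is an added example, not part of the original guide; the function name check_sudo_policy and the temporary sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a sudoers drop-in for the settings this section configures.
# check_sudo_policy is a hypothetical helper, not a sudo tool.

REQUIRED="passwd_tries badpass_message logfile log_input log_output iolog_dir requiretty secure_path"

# Prints one line per problem; returns 0 when the policy is complete, 1 otherwise.
check_sudo_policy() {
    policy=$1
    problems=0
    [ -r "$policy" ] || { echo "cannot read $policy"; return 1; }

    for setting in $REQUIRED; do
        # Match the name on a "Defaults" line. Commented-out lines and negated
        # settings such as "!requiretty" do not match and count as missing.
        pattern="^[[:space:]]*Defaults[[:space:]]+(.*[[:space:],])?${setting}([=,[:space:]]|\$)"
        if ! grep -Eq "$pattern" "$policy"; then
            echo "missing: $setting"
            problems=1
        fi
    done

    # The directory named by iolog_dir must already exist (the mkdir step).
    iolog=$(sed -n '/^[[:space:]]*Defaults/s/.*iolog_dir="\{0,1\}\([^"[:space:]]*\).*/\1/p' "$policy" | head -n 1)
    if [ -n "$iolog" ] && [ ! -d "$iolog" ]; then
        echo "iolog_dir does not exist: $iolog"
        problems=1
    fi
    return $problems
}

# Constructed sample: this section's policy with requiretty negated and the
# log paths pointed at a temporary directory instead of /var/log/sudo.
demo=$(mktemp -d)
mkdir "$demo/sudo"
cat > "$demo/sudo_config" <<EOF
Defaults  passwd_tries=3
Defaults  badpass_message="Mensaje de error personalizado"
Defaults  logfile="$demo/sudo/sudo_config"
Defaults  log_input, log_output
Defaults  iolog_dir="$demo/sudo"
Defaults  !requiretty
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
EOF
check_sudo_policy "$demo/sudo_config" || echo "policy needs fixing"
```

On the real machine, point the function at /etc/sudoers.d/sudo_config, and also run `visudo -cf /etc/sudoers.d/sudo_config` to catch syntax errors in the file.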
